icypeas-automation

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
Findings: EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS] (LOW): The skill directs the agent to connect to an external MCP server at https://rube.app/mcp. This domain is not included in the list of verified trusted sources.
  • [PROMPT_INJECTION] (LOW): The core workflow relies on dynamic 'execution plans' and schemas provided by the remote Rube MCP server via RUBE_SEARCH_TOOLS. This creates an indirect prompt injection surface where the agent might follow malicious instructions embedded in the tool search results. Evidence:
    1. Ingestion points: RUBE_SEARCH_TOOLS response (external data from rube.app).
    2. Boundary markers: Absent; instructions advise following the returned execution plans.
    3. Capability inventory: RUBE_MULTI_EXECUTE_TOOL (executes discovered tools), RUBE_MANAGE_CONNECTIONS.
    4. Sanitization: No sanitization or verification of the remote execution plan is specified.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 17, 2026, 06:43 PM